Re: WLC 4402 - Certificate & URL - Page 2

vmody · ‎10-08-2007

WLC 4402

Software Version 4.1.185.0

PART ONE - CERTIFICATE:

I have a certificate that I am trying to import into WLC. When using "transfer download start" I get the following error: "error installing certificate".

When I use "debug pm pki enable" functionality I see this as the cause of the above error: "sshpmDecodePrivateKey: private key decode failed..." and "sshpmAddWebadminCert: key extraction failed."

What do I need to do to resolve this error? I followed all the instructions regarding using openssl to request a csr.

PART TWO: URL

When a user gets redirected to authenticate they get "https://1.1.1.1 as the URL and they get the login page. When I change the DNS host name in 'virtual' interface to https://wifi.ourdomain.com the user gets a "Page not found" instead of a login page? I cannot add a DNS entry to 1.1.1.1 in our DNS servers (does not recognise 1.1.1.1 as valid IP) so what do I need to do?

Thanks!

Vikram

Frank · ‎04-29-2008

I am having the same issue.

TFTP receive complete... Installing Certificate.

Tue Apr 29 08:56:51 2008: Still waiting! Status = 2

Tue Apr 29 08:56:54 2008: Adding cert (2851 bytes) with password ""

Tue Apr 29 08:56:54 2008: sshpmAddWebauthCert: extracting private key from webauth cert; pwd: <>.

Tue Apr 29 08:56:54 2008: sshpmDecodePrivateKey: ssh_skb_get_info() failed.

Tue Apr 29 08:56:54 2008: sshpmAddWebauthCert: key extraction failed.

Tue Apr 29 08:56:54 2008: RESULT_STRING: Error installing certificate.

Tue Apr 29 08:56:54 2008: RESULT_CODE:12

Tue Apr 29 08:56:54 2008: ummounting: cwd = /mnt/application

Tue Apr 29 08:56:54 2008: finished umounting

Has anyone been able to resolve this?

Scott Fella · ‎04-29-2008

Looks like you didn't create the pem file correctly. use this doc to create a valid CSR.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

Once this is installed on the WLC, you then need to go to the VIP interface and put the DNS that you used in the CN for the cert. You will have to reboot the WLC after this. Make sure you can resolve the homepage of the user or else you will get "page cannot be displayed". Also if you have a proxy, then it will fail and you will have to disable proxy and after authentication, then enable proxy.

-Scott
*** Please rate helpful posts ***

marcin.waliczek · ‎04-10-2011

Hello

I have the same problem now:

sshpmDecodePrivateKey: ssh_skb_get_info() failed

It seems that this is not a problem of certificate itself, because it works on two WLCs (installed in December 2010), but can't install now on other WLCs.

Any ideas ?

Regards

Marcin

Andrew Schulz · ‎02-14-2013

Ok, I think this explains it.

http://www.my80211.com/home/2011/1/16/wlcgenerate-third-party-web-authentication-certificate-for-a.html looks like I have to combine all certs into one. I'll give this a try.

Scott Fella · ‎02-14-2013

Yes you do... Looks like you found George's blog:)

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

George Stefanick · ‎02-14-2013

This is one my most visited blog post ,..

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________